Overview

overview

7

Static

static

3

2991176639...18.exe

windows7-x64

7

2991176639...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 23:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2991176639468ead9fac846e32d151f0_JaffaCakes118.exe

  • Size

    95KB

  • MD5

    2991176639468ead9fac846e32d151f0

  • SHA1

    834ea181aa78a56a4416d3dcdf0180b76a0346a9

  • SHA256

    378692b1ff5651fc2566709310c1c144a0641c62eb2dc913e4b1145cb8f74184

  • SHA512

    443fc4ea5d78c39a5e73d5acc808e9feb53d3525b38c6a0467116af1c7a3936c8a50ee0615a4d91300dfb8ed2f00fded840e23abdfcfde03bdb2e4f7b25aee21

  • SSDEEP

    1536:EpgpHzb9dZVX9fHMvG0D3XJ0Vf2gUBglcADKd56zAmxFGlbJUcFJVKMYQxFD:ygXdZt9P6D3XJmOgkjADKd5H+FkFJnY0

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2991176639468ead9fac846e32d151f0_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Windows\SysWOW64\cscript.exe
      "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk57.icw"
      2⤵
      • Checks computer location settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4092
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk57.icw"
        3⤵
          PID:1596
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4804
    • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      1⤵
        PID:2288
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2140
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:17410 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3020

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\EditPlus\kk57.icw
              Filesize

              132B

              MD5

              f773ec5dba0003ba8b49bf8548826795

              SHA1

              49494636f1a847b02e2969ffde924752e69bec0f

              SHA256

              19b744d3fce854e328652699dfd6cbc332ce4b76dc212dce8f6cfc2186a18ce9

              SHA512

              ad1a75d19e5fdd72a921641e2f815e4c80246fb82765d3c55487560734460e0fa8c5b2320441799f20d6212ebc66aeb7368452f947457721cc47e1ceec460dae

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VYPBNTML\suggestions[1].en-US
              Filesize

              17KB

              MD5

              5a34cb996293fde2cb7a4ac89587393a

              SHA1

              3c96c993500690d1a77873cd62bc639b3a10653f

              SHA256

              c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

              SHA512

              e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\nsiE7FF.tmp\System.dll
              Filesize

              11KB

              MD5

              c17103ae9072a06da581dec998343fc1

              SHA1

              b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

              SHA256

              dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

              SHA512

              d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\nsiE7FF.tmp\nsExec.dll
              Filesize

              6KB

              MD5

              acc2b699edfea5bf5aae45aba3a41e96

              SHA1

              d2accf4d494e43ceb2cff69abe4dd17147d29cc2

              SHA256

              168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

              SHA512

              e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
              Filesize

              44KB

              MD5

              7c30927884213f4fe91bbe90b591b762

              SHA1

              65693828963f6b6a5cbea4c9e595e06f85490f6f

              SHA256

              9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

              SHA512

              8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk57.icw
              Filesize

              743B

              MD5

              61bbcdd51f7926c3c3f67776fca52c78

              SHA1

              a2e30e0e566323743491a9330ea8d01900e58158

              SHA256

              3bd4ebe0d7e331629cbd63c8359ce2cd7690a3bc4ebe3c4fd1db22755830bdb5

              SHA512

              9b95d4bf39e677c93655bc1f0c7081c3a65d8915ef13b759a91b2f9de948eb0f1d8b3b2040b18b243ea9496accd9f010512a32c555a0f972bbc5c715b09f0ffb

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll
              Filesize

              80KB

              MD5

              67cf306d9bdb258d3cc5b3244cb54550

              SHA1

              8146becfa2fceb897216720e8fa59960b69ebae3

              SHA256

              a8526ac60d3c0d33c503c3d262752182864d1dbbd376ecc0ea60987dae869fa5

              SHA512

              74b1dcc812a2cd291a9429228929d2dba26a053315add45415da579c3ae7e7566a943930de42e81ff5d2a4c36de930cf9c5cb26ea92576c504a0621de633acfd

              Download Submit